General

  • Target

    3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8

  • Size

    523KB

  • Sample

    220201-mlx7psdea9

  • MD5

    95f48e694a8beb8fd3a21a0b7ce73aa6

  • SHA1

    6b5e94e8f94905be32eabc56ebf91ebd818dc61a

  • SHA256

    3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8

  • SHA512

    ac8df20bbbc36a77ef795ce047b942d3f0543f4baf92f4b9bf1df5ab8a31e6360c28c496ffbbda79c28408107d9fe9df4912ffd7cf25a532ce439ccd386b00a2

Malware Config

Targets

    • Target

      3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8

    • Size

      523KB

    • MD5

      95f48e694a8beb8fd3a21a0b7ce73aa6

    • SHA1

      6b5e94e8f94905be32eabc56ebf91ebd818dc61a

    • SHA256

      3a0148e166753487640e4b7d129c3bad7ee3cf8403953b552240d17851bdafc8

    • SHA512

      ac8df20bbbc36a77ef795ce047b942d3f0543f4baf92f4b9bf1df5ab8a31e6360c28c496ffbbda79c28408107d9fe9df4912ffd7cf25a532ce439ccd386b00a2

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Valak

      Valak is a JavaScript loader used as one link in a distribution chain that delivers other malware families.

    • Valak JavaScript Loader

    • Blocklisted process makes network request

    • Sets service image path in registry
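
    The signatures above name behaviours that can also be checked in host telemetry. As an added example (not part of this report and not the sandbox's own detection logic), the Python below runs two of them, "Sets service image path in registry" and "Blocklisted process makes network request", over constructed Sysmon-style event lines. The event lines, the process blocklist and the user-writable-directory heuristic are assumptions made for illustration. The "NtCreateProcessExOtherParentProcess" signature is not covered, because the process that really issued the create call is not visible in these fields.

```python
# Detection logic over Sysmon-style events for two of the behaviours listed
# in this report: a service ImagePath written under the Services registry key
# and a blocklisted (script-host/LOLBin) process making a network connection.
# Added example; the event lines and the blocklist are constructed for
# illustration and are not taken from the sandbox run.
import re
from typing import Dict, Iterable, List

# Assumed blocklist of script hosts and LOLBins that rarely have a legitimate
# reason to open outbound connections; a JavaScript loader runs under
# wscript.exe/cscript.exe. Illustrative list, not the sandbox's own.
NETWORK_BLOCKLIST = {
    "wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe",
    "rundll32.exe", "powershell.exe", "certutil.exe",
}

# Sysmon EventID 13 (RegistryEvent value set) TargetObject for a service binary.
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\(?P<svc>[^\\]+)\\ImagePath$",
    re.IGNORECASE,
)

# Directories a standard user can write to; a service binary living here is a
# stronger signal than one under Program Files or System32 (heuristic).
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'Key=Value Key="Value with spaces"' event line into a dict."""
    fields: Dict[str, str] = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|(\S+))', line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def is_user_writable(path: str) -> bool:
    """Heuristic: does the path sit in a directory a normal user can write?"""
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def detect(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one hit dict per matching event, in input order."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "13":
            m = SERVICE_IMAGEPATH_RE.match(ev.get("TargetObject", ""))
            if m:
                image_path = ev.get("Details", "")  # the value that was written
                hits.append({
                    "signature": "sets_service_image_path",
                    "service": m.group("svc"),
                    "image_path": image_path,
                    "writer": basename(ev.get("Image", "")),
                    "user_writable": str(is_user_writable(image_path)),
                })
        elif eid == "3":
            proc = basename(ev.get("Image", ""))
            if proc in NETWORK_BLOCKLIST:
                hits.append({
                    "signature": "blocklisted_process_network_request",
                    "process": proc,
                    "destination": f'{ev.get("DestinationIp", "?")}:{ev.get("DestinationPort", "?")}',
                })
    return hits


# Constructed Sysmon-style events (not from the sandbox): a JavaScript file
# run by wscript.exe that connects out, a service whose binary lives in
# AppData, and two benign events that must not fire.
SAMPLE_EVENTS = [
    'EventID=1 Image="C:\\Windows\\System32\\wscript.exe" ParentImage="C:\\Windows\\explorer.exe" ProcessId=4120 '
    'CommandLine="wscript.exe C:\\Users\\user\\AppData\\Local\\Temp\\invoice.js"',
    'EventID=3 Image="C:\\Windows\\System32\\wscript.exe" ProcessId=4120 DestinationIp=198.51.100.23 DestinationPort=443',
    'EventID=13 Image="C:\\Windows\\System32\\services.exe" '
    'TargetObject="HKLM\\System\\CurrentControlSet\\Services\\UpdaterSvc\\ImagePath" '
    'Details="C:\\Users\\user\\AppData\\Roaming\\update.exe"',
    'EventID=3 Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" ProcessId=2200 DestinationIp=203.0.113.5 DestinationPort=443',
    'EventID=13 Image="C:\\Windows\\System32\\svchost.exe" '
    'TargetObject="HKLM\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\EnableICMPRedirect" Details="DWORD (0x00000000)"',
]


def run_sample() -> List[Dict[str, str]]:
    """Run the detections over the constructed events; returns two hits."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

    Sysmon reports the written value in the Details field of EventID 13, so the service's binary path is available without a second lookup; the benign Tcpip parameter write and the browser connection are left alone, which is the point of keying on the exact ImagePath value name and on the process image rather than on any registry write or any connection.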

MITRE ATT&CK Enterprise v6

Tasks